What you'll be doing:

• Leading and managing requirements per FedRAMP and DOD Impact Level specifications/controls and turning them into operational models and implementations for the InfoSec organization
• Deploy and operate security solutions and supporting infrastructure in cloud and datacenter environments in support of internal customer security needs and FedRAMP requirements
• Manage a scalable and highly available solution for security logging and drive efforts of logging onboarding for increased security visibility
• Develop and automate Security tasks that span from Security Operations to Infrastructure as Code in support of InfoSec initiatives
• Develop and maintain metrics and data models related to the FedRAMP program to drive compliance and optimization improvements

Experience you'll need: 

• Bachelor degree in Computer Science or related field or equivalent experience
• 6+ years experience in security engineering, building and managing security solutions across the stack (on-prem and cloud) 
• Strong understanding of logging and data management best practices and strong experience in any logging and/or SIEM platform
• Proficiency in any scripting language (Python, PowerShell, Perl, Ruby, shell, etc.)
• Working experience in GCP, AWS or Azure
• Experience with with security automation and data management tools (XSOAR, Phantom, Snowflake, etc)
• Leadership experience collaborating with internal customers to establish strong requirements, prioritize work based on outcomes that drive risk reduction and operational effectiveness
• Prior experience working in environments with NIST 800-53, NIST 800-171 controls or FedRAMP requirements

Preferred Qualifications:

• Security certifications are a plus (CISSP, CISM, SANS certs, vendor certs, etc.)
• Basic knowledge of container technologies (Docker, Kubernetes, etc), microservices and CI/CD pipelines

Security and Privacy Responsibilities section: 

This position carries special Security and Privacy Responsibilities for protecting the U.S. Federal Government’s interests:

• Know, acknowledge, and follow system-specific security policies and procedures;
• Protect data and individual privacy per requirements and regulations;
• Perform ongoing activities in compliance with service and contractual obligations;
• Participate in role-based training, completing assignments on a timely basis; 
• Report security issues promptly, and aid investigation when needed;
• Support controlled changes and vulnerability remediation activities; and
• Work collaboratively with Information Security in designing, implementing, assessing or enhancing system-specific security and privacy controls. 

Position Risk Designation section:

This position carries duties and responsibilities involving the U.S. Federal Government’s interests. The selected incumbent may be subject to one or both of the additional background checks with periodic re-screening as noted below:

Position Risk Designation: Non-Sensitive, Low Risk, Tier 1 

Incumbents without access to U.S. Government data may be required to complete Standard Form 85 and undergo a Tier 1 Investigation (T1) for non-sensitive positions of Low Risk. (Baseline screening; formerly National Agency Check and Inquiries (NACI)).

Position Risk Designation: Non-Sensitive, Moderate Risk, Tier 2 (Public Trust)

Incumbents with access to U.S. Government data may be required to complete Standard Form 85P and undergo Tier 2 (T2) Investigation for non-sensitive positions designated Moderate Risk.

Position Risk Designation:Moderate Risk Law Enforcement (CJIS)

When hired for a position where access to Moderate Risk criminal justice information is required, the employee must complete a fingerprint-based national criminal history background check within 30 days after the employee’s start date.